Correlation of Sensory Inputs to Identify Unauthorized Persons

ABSTRACT

A networked system for managing a physical intrusion detection/alarm includes an upper tier of server devices, comprising: processor devices and memory in communication with the processor devices, a middle tier of gateway devices that are in communication with upper tier servers, and a lower level tier of devices that comprise fully functional nodes with at least some of the functional nodes including an application layer that execute routines to provide node functions, and a device to manage the lower tier of devices, the device instantiating a program manager that executes a state machine to control the application layer in each of the at least some of the functional nodes.

CLAIM OF PRIORITY

This application claims priority under 35 U.S.C. §119(e) to provisionalU.S. Patent Application 61/973,962, filed on Apr. 2, 2014, entitled:“Wireless Sensor Network”, and provisional U.S. Patent Application61/946,054, filed on Feb. 28, 2014, entitled: “Wireless Sensor Network”,the entire contents of which are hereby incorporated by reference.

BACKGROUND

This description relates to operation of sensor networks such as thoseused for security, intrusion and alarm systems installed on commercialor residential premises.

It is common for businesses and homeowners to have a security system fordetecting alarm conditions at their premises and signaling theconditions to a monitoring station or to authorized users of thesecurity system. Security systems often include an intrusion detectionpanel that is electrically or wirelessly connected to a variety ofsensors. Those sensors types typically include motion detectors,cameras, and proximity sensors (used to determine whether a door orwindow has been opened). Typically, such systems receive a very simplesignal (electrically open or closed) from one or more of these sensorsto indicate that a particular condition being monitored has changed orbecome unsecure.

Typical intrusion systems can be set up to monitor entry doors in abuilding. When the door is secured, the proximity sensor senses amagnetic contact and produces an electrically closed circuit. When thedoor is opened, the proximity sensor opens the circuit, and sends asignal to the panel indicating that an alarm condition has occurred(e.g., an opened entry door). Government entities, companies, academicinstitutions, etc. issue credentials to employees, contractors,students, etc. to control access to buildings and facilities, indoorsand outdoors. Individuals who bypass security systems to gain access,either intentionally or unintentionally, are difficult to identify andlocate.

SUMMARY

Prior solutions regarding credentials have focused on technologies suchas video surveillance to address access problems. Once a person hasgained access, however, it is difficult to impossible to distinguishbetween those with valid credentials and those without validcredentials.

According to an aspect of a system for physical intrusiondetection/alarm monitoring includes one or more computing devices,including processor devices and memory in communication with theprocessor devices, configured to correlate sensory input fromcredentials or badges with video, receive sensory inputs fromcredentials or badges within a monitored premises, receive videoinformation from cameras and other image capture devices disposedthroughout the premises, and continually correlate the received sensoryinputs from these credentials or badges with the received video.

One or more of the following are some of the embodiments within thescope of this aspect. system is further configured to apply one or morealgorithms to detect the presence of a possible non-credentialedindividual and track at least the non-credentialed individual andproduce an alert to send to a control center to alert authorities to thelocation of the non-credentialed individual. The system is furtherconfigured to apply video recognition to identify the number of peoplein a certain area and correlate that data with data from one or moreremote badge readers to identify the appropriately number of badgedindividuals in a group of individuals within a monitored area. Thesystem is further configured to determine a mismatch between the numberof individuals in the area and a number of read badges or credentials.The system is further configured to continually track all individualsand their movements throughout the premises, correlate those movementswith different readings of valid credentials or badges to isolate one ormore non-credentialed individuals. The one or more computing devicesinclude an application layer that executes routines to provide nodefunctions that can be dynamically changed. At least some of the nodesare cameras and others are credential readers. Certain of the nodes areconfigured to apply video recognition to frames of captured video torecognize features that correspond to individuals appearing in thecaptured frames and determine a number of people within the image. Inone or more of the certain nodes, the one or more of the certain nodesare configured to change the video recognition algorithm that is appliedto find features that correspond to a number of individuals. The systemis further configured to correlate paths taken by different individualswith different readings of valid credentials or badges from the same ordifferent sets of cameras/readers.

One or more aspects may provide one or more of the following advantages.

By correlating sensory input from credentials or badges that usetechnologies such as RFID, Bluetooth low energy (BLE), MAC addressesfrom cell phones, NFC, etc. with video; individuals without validcredentials can be identified and tracked. Video recognition is used toidentify the number of people in a certain area. A remote reading badgeis used to identify the appropriately badged employees by tracking thepersonnel movement and correlating that with the movement of the validID. Once the non-badged individual is segregated from the validpersonnel, biometrics such as face, iris or just video recognition areused to track the individual(s) and allow authorities to intervene.

The details of one or more embodiments of the invention are set forth inthe accompanying drawings and the description below. Other features,objects, and advantages of the invention is apparent from thedescription and drawings, and from the claims.

DESCRIPTION OF DRAWINGS

FIG. 1 is a schematic diagram of an exemplary networked security system.

FIG. 2 is a flow chart of a correlation algorithm.

FIG. 3 is flow chart of an example tracking process.

FIG. 4 is a block diagram of components of an example networked securitysystem.

DETAILED DESCRIPTION

Described herein are examples of network features that may be used invarious contexts including, but not limited to, security/intrusion andalarm systems. Example security systems may include an intrusiondetection panel that is electrically or wirelessly connected to avariety of sensors. Those sensors types may include motion detectors,cameras, and proximity sensors (used, e.g., to determine whether a dooror window has been opened). Typically, such systems receive a relativelysimple signal (electrically open or closed) from one or more of thesesensors to indicate that a particular condition being monitored haschanged or become unsecure.

For example, typical intrusion systems can be set-up to monitor entrydoors in a building. When a door is secured, a proximity sensor senses amagnetic contact and produces an electrically closed circuit. When thedoor is opened, the proximity sensor opens the circuit, and sends asignal to the panel indicating that an alarm condition has occurred(e.g., an opened entry door).

Data collection systems are becoming more common in some applications,such as home safety monitoring. Data collection systems employ wirelesssensor networks and wireless devices, and may include remoteserver-based monitoring and report generation. As described in moredetail below, wireless sensor networks generally use a combination ofwired and wireless links between computing devices, with wireless linksusually used for the lowest level connections (e.g., end-node device tohub/gateway). In an example network, the edge (wirelessly-connected)tier of the network is comprised of resource-constrained devices withspecific functions. These devices may have a small-to-moderate amount ofprocessing power and memory, and may be battery powered, thus requiringthat they conserve energy by spending much of their time in sleep mode.A typical model is one where the edge devices generally form a singlewireless network in which each end-node communicates directly with itsparent node in a hub-and-spoke-style architecture. The parent node maybe, e.g., an access point on a gateway or a sub-coordinator which is, inturn, connected to the access point or another sub-coordinator.

Referring now to FIG. 1, an exemplary (global) distributed network 10topology for a Wireless Sensor Network (WSN) is shown. In FIG. 1 thedistributed network 10 is logically divided into a set of tiers orhierarchical levels 12 a-12 c.

In an upper tier or hierarchical level 12 a of the network are disposedservers and/or virtual servers 14 running a “cloud computing” paradigmthat are networked together using well-established networking technologysuch as Internet protocols or which can be private networks that usenone or part of the Internet. Applications that run on those servers 14communicate using various protocols such as for Web Internet networksXML/SOAP, RESTful web service, and other application layer technologiessuch as HTTP and ATOM. The distributed network 10 has direct linksbetween devices (nodes) as shown and discussed below.

The distributed network 10 includes a second logically divided tier orhierarchical level 12 b, referred to here as a middle tier that involvesgateways 16 located at central, convenient places inside individualbuildings and structures. These gateways 16 communicate with servers 14in the upper tier whether the servers are stand-alone dedicated serversand/or cloud based servers running cloud applications using webprogramming techniques. The middle tier gateways 16 are also shown withboth local area network 17 a (e.g., Ethernet or 802.11) and cellularnetwork interfaces 17 b.

The distributed network topology also includes a lower tier (edge layer)12 c set of devices that involve fully-functional sensor nodes 18 (e.g.,sensor nodes that include wireless devices, e.g., transceivers or atleast transmitters, which in FIG. 1 are marked in with an “F”) as wellas constrained wireless sensor nodes or sensor end-nodes 20 (marked inthe FIG. 1 with “C”). In some embodiments wired sensors (not shown) canbe included in aspects of the distributed network 10.

Constrained computing devices 20 as used herein are devices withsubstantially less persistent and volatile memory other computingdevices, sensors in a detection system. Currently examples ofconstrained devices would be those with less than about a megabyte offlash/persistent memory, and less than 10-20 kbytes of RAM/volatilememory). These constrained devices 20 are configured in this manner;generally due to cost/physical configuration considerations.

In a typical network, the edge (wirelessly-connected) tier of thenetwork is comprised of highly resource-constrained devices withspecific functions. These devices have a small-to-moderate amount ofprocessing power and memory, and often are battery powered, thusrequiring that they conserve energy by spending much of their time insleep mode. A typical model is one where the edge devices generally forma single wireless network in which each end-node communicates directlywith its parent node in a hub-and-spoke-style architecture. The parentnode may be, e.g., an access point on a gateway or a sub-coordinatorwhich is, in turn, connected to the access point or anothersub-coordinator.

Each gateway is equipped with an access point (fully functional node or“F” node) that is physically attached to that access point and thatprovides a wireless connection point to other nodes in the wirelessnetwork. The links (illustrated by lines not numbered) shown in FIG. 1represent direct (single-hop network layer) connections between devices.A formal networking layer (that functions in each of the three tiersshown in FIG. 1) uses a series of these direct links together withrouting devices to send messages (fragmented or non-fragmented) from onedevice to another over the network.

The WSN 10 implements a state machine approach to an application layerthat runs on the lower tier devices 18 and 20. Discussed below is anexample of a particular implementation of such an approach. States inthe state machine are comprised of sets of functions that execute incoordination, and these functions can be individually deleted orsubstituted or added to in order to alter the states in the statemachine of a particular lower tier device.

The WSN state function based application layer uses an edge deviceoperating system (not shown, but such as disclosed in the abovementioned provisional application) that allows for loading and executionof individual functions (after the booting of the device) withoutrebooting the device (so-called “dynamic programming”). In otherimplementations, edge devices could use other operating systems providedsuch systems allow for loading and execution of individual functions(after the booting of the device) preferable without rebooting of theedge devices.

Referring now to FIG. 2 a process 30 that executes on one or morecomputers disposed within the distributed network 10 is shown. Inalternative arrangements, the process 30 can be used in any otherarrangement besides the distributed network 10 described above providedthat video data and sensed credential data are supplied to thecomputer(s). The process 30 correlates sensory input from credentials orbadges that use technologies such as RFID, Bluetooth low energy (BLE),MAC addresses from cell phones, NFC, etc. with captured video.

The process 30 executes on the one or more computers, and receives 32sensory inputs from credentials or badges within a monitored premises.Sensors such as some of the nodes in FIG. 1 sense the presence of acredential tag typically carried by an individual passing through arange of the sensor. These sensors receive signals from badge/tagdevices that incorporate circuitry operative using radio frequencyidentification (RFID), Bluetooth® low energy peer to peer devices, MACaddresses from cell phones, and near field communication (NFC) devicesoperative using a set of standards for smartphones and similar devicesto establish radio communication with each other by touching themtogether or bringing them into proximity, etc. that are dispersedthroughout a monitored premises. The process 30 also receives 34 videoinformation from cameras and other image capture devices that aredisposed throughout the premises. The process 30 continually applies oneor more algorithms to detect the presence of a possible non-credentialedindividual to continually correlate the received sensory inputs fromthese credentials or badges, etc. with the received video.

The process 30 seeks to track individuals, especially individualswithout valid credentials or badges for a particular monitored area. Theprocess 30 applies one or more algorithms that detect the presence of apossible non-credentialed individual, tracks 38 at least thenon-credentialed individual, alerts 40 authorities of the presence of anon-credentialed individual within the premises, and continuallyprocessing of inputs to isolate tracking of the non-credentialedindividual to a particular, e.g., pinpoint location and alert 42authorities to the isolated location of the non-credentialed individual.

During processing in FIG. 2, various ones of the nodes in FIG. 1 can bebrought to bear on tracking of the non-credentialed individual orgenerally tracking of credentialed individuals. Thus, the servers ofFIG. 1 or other systems can generate updates to functions (not shown)that are performed at the lower tiers, these nodes can receive 46 thesenew or updated functions and apply 48 the changed function to processingof FIG. 2.

Referring now to FIG. 3 an example of algorithmic processing 60 for thetracking process 30 of FIG. 3, is shown. Cameras dispersed without thepremises being monitored. Generally, the processing 36 of FIG. 2 isshown with details. One camera in an area captures video and applies 62video recognition to frames of captured video. The video recognition isused to recognize features that correspond to, e.g., individualsappearing in the captured frames. The video recognition determines anumber of people with the image, where the image is correlated to thearea captured by the camera. At this junction the video recognition thatis applied can be rather coarse to conserve processing or allow suchprocessing to be performed at nodes within the lower tier, as it merelyneeds to find features that correspond to a number of individuals.

A remote badge reader that can be one of the nodes in the network 10 hasa range that coincides, or overlaps or otherwise can be correlated tothe area that was captured in the video frames. This remote badge readerand camera can be considered as a current set.

The computer(s) receives 64 badge/tag data from those individuals thatare within the range of operation of the badge reader. The remote badgereader and/or computer(s) determines 66 the number of badged individualsthat pass through the region within the range of operation of the remotebadge reader. If the area captured by the remote badge reader coincideswith the area captured by the camera, this data can be processed,otherwise they may be some correlation (not shown) need to correlate thearea captured in the video frames with the area within the range of thecard reader.

The computer compares the number of recognized individuals in frames tothe number of received badges from the reader. If the process 60determines that there is a mismatch between the number of individuals inthe area and a number of badges (or credentials), the process 60continues (generally, the processing 38 of FIG. 2) to track 68 all ofthose individuals and their movements throughout the premises bycontinually applying 62 video recognition to frames of captured video,receive 64 badge/tag and determining 66 the number of badged individualsthat pass through the region within the range of badge readers withrespect to the number of recognized individuals, using either thecurrent set of cameras/readers or different sets of cameras/readers, asneeded. At this juncture, the process could send requests for updatedalgorithms, as is discussed below for both the overall process (as inFIG. 2) or to update nodes for different node-level processing andsensing (FIG. 3).

The process 60 correlates the paths taken by different individuals withdifferent readings of valid credentials or badges from the same ordifferent sets of cameras/readers.

For example, at this junction more sophisticated recognition algorithms,e.g., facial recognition, etc. can be used. In addition, processingalgorithms can be sent to other nodes in the network to train process onthe tracked individuals where the nodes that are send these algorithmsare selected based on an estimation or prediction of direction/paths oftravel through the premises.

At some point as individuals come and go, a non-badged/credentialedindividual can be isolated individually or to a small group, and thenthe process will focus tracking on that individual. At any point inprocessing where there is a discrepancy an alarm can be raised. As theprocess detects the presence of new individuals and detects thedeparture of previously tracked individuals from the group ofindividuals, the process is still continually tracking the one or moreindividuals without valid credentials. Newly added individuals can berecognized in the video captured, especially if more intensivealgorithms are used, and departing individuals can be noted by a validreading of their tags/credentials. If an individual departs without avalid tag read, when is should have been read, that person is mostlikely the non-credentialed individual.

As previously mentioned, using the network 10 of FIG. 1, it is possibleduring processing that various ones of the nodes in FIG. 1 are broughtto bear on tracking of FIG. 2. Thus, the servers of FIG. 1 or othersystems can generate updates to functions (not shown) that are performedat the lower tiers e.g., such nodes. These nodes at the lower tierreceive 46 these new or updated functions and apply 48 the changedfunction to the processing performed by the nodes within processing ofFIG. 2.

Examples of updated processing include sending more sophisticatedrecognition algorithms to video cameras or nodes that process the videoinformation. Other examples are that certain ones of the nodes in FIG. 1can be IP address reading sensors that are brought to bear on trackingof the non-credentialed individual or generally tracking of credentialedindividuals.

Thus, the servers of FIG. 1 or other systems can generate updates tofunctions (not shown) that are performed at the lower tiers, these nodescan receive 46 these new or updated functions and apply 48 the changedfunction to processing of FIG. 2. As previously tracked individuals thedepart, card readers can determine/sense credentials and the process candetermine if they were validly credentialed and if so, terminatetracking on those departed individuals. On the other hand as new trackedindividuals join, card readers can determine/sense credentials and theprocess can determine if they are validly credentialed and if so,terminate tracking on those new individuals. At some point thenon-credentialed individual can be isolated to one or a few individuals,and his/their location(s) identified. The process produces and sends amessage that notifies authorities to physically intervene with themessage including available location information.

The nodes may be implemented using any appropriate type of computingdevice, such as a mainframe work station, a personal computer, a server,a portable computing device, or any other type of intelligent devicecapable of executing instructions, connecting to a network, andforwarding data packets through the network. The nodes can execute anyappropriate computer programs to generate, receive, and transmit datapackets for use on the network.

FIG. 4 shows an example of a security system having features of the WSNdescribed with respect to FIGS. 1 to 3 and having the variousfunctionalities described herein. As shown in FIG. 4, correlationprocessing receives inputs from certain constrained nodes (althoughthese can also be fully functional nodes). These inputs may includecredential information and video information, and the correlationprocessing may produce correlated results that are sent over thenetwork. Context management processing receives inputs from certainconstrained nodes (although these can also be fully functional nodes)e.g., credential information and video and grouping information, andperforms context processing with results sent over the network. Thenetwork supports operation of emergency exit indicators; emergencycameras as well as distributed rule processing and rule engine/messagingprocessing. Range extenders are used with e.g., gateways, and a realtime location system receives inputs from various sensors (e.g.,constrained type) as shown. Servers interface to the WSN via a cloudcomputing configuration and parts of some networks can be run assub-nets.

The sensors provide in addition to an indication that something isdetected in an area within the range of the sensors, detailed additionalinformation that can be used to evaluate what that indication may bewithout the intrusion detection panel being required to performextensive analysis of inputs to the particular sensor.

For example, a motion detector could be configured to analyze the heatsignature of a warm body moving in a room to determine if the body isthat of a human or a pet. Results of that analysis would be a message ordata that conveys information about the body detected. Various sensorsthus are used to sense sound, motion, vibration, pressure, heat, images,and so forth, in an appropriate combination to detect a true or verifiedalarm condition at the intrusion detection panel.

Recognition software can be used to discriminate between objects thatare a human and objects that are an animal; further facial recognitionsoftware can be built into video cameras and used to verify that theperimeter intrusion was the result of a recognized, authorizedindividual. Such video cameras would comprise a processor and memory andthe recognition software to process inputs (captured images) by thecamera and produce the metadata to convey information regardingrecognition or lack of recognition of an individual captured by thevideo camera. The processing could also alternatively or in additioninclude information regarding characteristic of the individual in thearea captured/monitored by the video camera. Thus, depending on thecircumstances, the information would be either metadata received fromenhanced motion detectors and video cameras that performed enhancedanalysis on inputs to the sensor that gives characteristics of theperimeter intrusion or a metadata resulting from very complex processingthat seeks to establish recognition of the object.

Sensor devices can integrate multiple sensors to generate more complexoutputs so that the intrusion detection panel can utilize its processingcapabilities to execute algorithms that analyze the environment bybuilding virtual images or signatures of the environment to make anintelligent decision about the validity of a breach.

Memory stores program instructions and data used by the processor of theintrusion detection panel. The memory may be a suitable combination ofrandom access memory and read-only memory, and may host suitable programinstructions (e.g. firmware or operating software), and configurationand operating data and may be organized as a file system or otherwise.The stored program instruction may include one or more authenticationprocesses for authenticating one or more users. The program instructionsstored in the memory of the panel may further store software componentsallowing network communications and establishment of connections to thedata network. The software components may, for example, include aninternet protocol (IP) stack, as well as driver components for thevarious interfaces, including the interfaces and the keypad. Othersoftware components suitable for establishing a connection andcommunicating across network will be apparent to those of ordinaryskill.

Program instructions stored in the memory, along with configuration datamay control overall operation of the panel.

The monitoring server includes one or more processing devices (e.g.,microprocessors), a network interface and a memory (all notillustrated). The monitoring server may physically take the form of arack mounted card and may be in communication with one or more operatorterminals (not shown). An example monitoring server is a SURGARD™SG-System III Virtual, or similar system.

The processor of each monitoring server acts as a controller for eachmonitoring server, and is in communication with, and controls overalloperation, of each server. The processor may include, or be incommunication with, the memory that stores processor executableinstructions controlling the overall operation of the monitoring server.Suitable software enable each monitoring server to receive alarms andcause appropriate actions to occur. Software may include a suitableInternet protocol (IP) stack and applications/clients.

Each monitoring server of the central monitoring station may beassociated with an IP address and port(s) by which it communicates withthe control panels and/or the user devices to handle alarm events, etc.The monitoring server address may be static, and thus always identify aparticular one of monitoring server to the intrusion detection panels.Alternatively, dynamic addresses could be used, and associated withstatic domain names, resolved through a domain name service.

The network interface card interfaces with the network to receiveincoming signals, and may for example take the form of an Ethernetnetwork interface card (NIC). The servers may be computers,thin-clients, or the like, to which received data representative of analarm event is passed for handling by human operators. The monitoringstation may further include, or have access to, a subscriber databasethat includes a database under control of a database engine. Thedatabase may contain entries corresponding to the various subscriberdevices/processes to panels like the panel that are serviced by themonitoring station.

All or part of the processes described herein and their variousmodifications (hereinafter referred to as “the processes”) can beimplemented, at least in part, via a computer program product, i.e., acomputer program tangibly embodied in one or more tangible, physicalhardware storage devices that are computer and/or machine-readablestorage devices for execution by, or to control the operation of, dataprocessing apparatus, e.g., a programmable processor, a computer, ormultiple computers. A computer program can be written in any form ofprogramming language, including compiled or interpreted languages, andit can be deployed in any form, including as a stand-alone program or asa module, component, subroutine, or other unit suitable for use in acomputing environment. A computer program can be deployed to be executedon one computer or on multiple computers at one site or distributedacross multiple sites and interconnected by a network.

Actions associated with implementing the processes can be performed byone or more programmable processors executing one or more computerprograms to perform the functions of the calibration process. All orpart of the processes can be implemented as, special purpose logiccircuitry, e.g., an FPGA (field programmable gate array) and/or an ASIC(application-specific integrated circuit).

Processors suitable for the execution of a computer program include, byway of example, both general and special purpose microprocessors, andany one or more processors of any kind of digital computer. Generally, aprocessor will receive instructions and data from a read-only storagearea or a random access storage area or both. Elements of a computer(including a server) include one or more processors for executinginstructions and one or more storage area devices for storinginstructions and data. Generally, a computer will also include, or beoperatively coupled to receive data from, or transfer data to, or both,one or more machine-readable storage media, such as mass storage devicesfor storing data, e.g., magnetic, magneto-optical disks, or opticaldisks.

Tangible, physical hardware storage devices that are suitable forembodying computer program instructions and data include all forms ofnon-volatile storage, including by way of example, semiconductor storagearea devices, e.g., EPROM, EEPROM, and flash storage area devices;magnetic disks, e.g., internal hard disks or removable disks;magneto-optical disks; and CD-ROM and DVD-ROM disks and volatilecomputer memory, e.g., RAM such as static and dynamic RAM, as well aserasable memory, e.g., flash memory.

In addition, the logic flows depicted in the figures do not require theparticular order shown, or sequential order, to achieve desirableresults. In addition, other actions may be provided, or actions may beeliminated, from the described flows, and other components may be addedto, or removed from, the described systems. Likewise, actions depictedin the figures may be performed by different entities or consolidated.

Elements of different embodiments described herein may be combined toform other embodiments not specifically set forth above. Elements may beleft out of the processes, computer programs, Web pages, etc. describedherein without adversely affecting their operation. Furthermore, variousseparate elements may be combined into one or more individual elementsto perform the functions described herein.

Other implementations not specifically described herein are also withinthe scope of the following claims.

1. A system for physical intrusion detection/alarm monitoring comprises:one or more computing devices, comprising processor devices and memoryin communication with the processor devices, configured to: receive fromreader devices sensory inputs from credentials or badges within amonitored premises; receive video information from camera devicesdisposed throughout the monitored premises; continually correlate thereceived sensory inputs with the received video to: determine the numberof unique credentials or badges within the monitored premises; determinethe number of individuals within the monitored premises from thecaptured video; detect a presence of a possible non-credentialedindividual by determining that the number of unique credentials orbadges within the monitored premises is less than the number ofindividuals within the monitored premises.
 2. The system of claim 1further configured to: apply one or more facial recognition algorithmsto the captured video to recognize the detected individuals in thecaptured video; track each recognized individual in the video until therecognized individual departs an area with a valid reading of acredential or badge, with any remaining individual or individuals thatdepart an area covered by the video without a like number of validreading or readings of a credential or badge including thenon-credentialed individual; and produce an alert to send to a controlcenter to alert authorities to the location of the non-credentialedindividual, with the location being based on locations of the camerasand readers.
 3. The system of claim 1 configured to: apply videorecognition to identify the number of people in a certain area andcorrelate that data with data from one or more remote badge readers toidentify the appropriately number of badged individuals in a group ofindividuals within a monitored area.
 4. The system of claim 3 furtherconfigured to: determine a mismatch between the number of individuals inthe area and a number of read badges or credentials.
 5. The system ofclaim 4 further configured to: continually track all individuals andtheir movements throughout the premises; correlate those movements withdifferent readings of valid credentials or badges to isolate one or morenon-credentialed individuals.
 6. The system of claim 1 wherein the oneor more computing devices include an application layer that executesroutines to provide node functions that are dynamically changed.
 7. Thesystem of claim 1 wherein the systems receives sensory inputs fromcredential readers.
 8. The system of claim 1 wherein the systemcomprises nodes and with certain of the nodes configured to: apply videorecognition to frames of captured video to recognize features thatcorrespond to individuals appearing in the captured frames; anddetermine a number of people within the image.
 9. The system of claim 8wherein in one or more of the certain nodes, the one or more of thecertain nodes are configured to: change the video recognition algorithmthat is applied to find features that correspond to a number ofindividuals.
 10. The system of claim 1 configured to: correlate pathstaken by different individuals with different readings of validcredentials or badges from the same or different sets ofcameras/readers.
 11. A system for physical intrusion detection/alarmmonitoring comprises: a network of plural computing devices comprisingprocessor devices and memory in communication with the processordevices, the network of plural computing devices executing anapplication layer that executes routines to provide node functions thatare dynamically changed, with the network configured to: receive fromreader device nodes sensory inputs from credentials or badges within amonitored premises; receive video information from camera device nodesdisposed throughout the monitored premises; continually correlate by oneor more computing devices the received sensory inputs from the readerdevice nodes with the received video from the camera device nodes;determine the number of unique credentials or badges within themonitored premises; determine the number of individuals within themonitored premises from the captured video; and detect a presence of apossible non-credentialed individual by determining that the number ofunique credentials or badges within the monitored premises is less thanthe number of individuals within the monitored premises; and the systemfurther configured to: dynamically change algorithms on the one or morecomputing device during tracking of the individuals.
 12. The system ofclaim 11 configured to dynamically change algorithms that detect thepresence of a number of individuals to algorithms that apply videorecognition to recognize individuals.
 13. The system of claim 11 whereinone or more of the nodes are configured to: dynamically change videorecognition algorithm that is applied to find features that correspondto a number of individuals.
 14. The system of claim 11 the one or moreof the nodes are configured to: dynamically change recognitionalgorithms; and correlate paths taken by different individuals withdifferent readings of valid credentials or badges from the same ordifferent sets of cameras/readers.